Enterprise: Option to Disable Member Confirmation/Approval for Invited Users

Add an option to disable the requirement of ‘member confirmation’ processes when ‘Domain Verification’ is used, the member email address matches the domain, and the user has been invited to join the organisation.

Seems apparent to me that in this scenario there is no need for an ‘approval’ as they’ve been invited and are obviously a member of the organisation. Perhaps also add a new email notification to Owner and Admin role users that this user has joined the Organisation. Just for informational sake.

I’d love to see this feature. We are currently switching to Bitwarden and we’d like to invite round about 200-300 users at one time and I don’t want to approve them all manually…

The confirmation step facilitates the exchange of the encryption keys with the organization and the user, which then allows the user to access collections and shared items. For non-encrypted products, you don’t have this third step as everything is shared from the server (and exposed if the server gets hacked).

This is an intentional security design and is explained in further detail in the security whitepaper.

One approach to automate these approvals is to create a CLI script that auto-confirms accepted users. Example scripts are here: GitHub - bitwarden-labs/admin-scripts: Leverage scripts with the Bitwarden CLI to automate admin tasks.

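A sketch of the auto-confirm approach mentioned in the reply above, restricted to the scenario in the original request (accepted invitees whose email is in the verified domain). This is an added example, not code from this thread or from the bitwarden-labs/admin-scripts repository. It assumes an already unlocked `bw` session, that `bw list org-members` returns JSON objects with `id`, `email` and `status` fields where status 1 means "accepted", and it uses `example.com`, `org-1` and the sample members as constructed placeholders.

```python
import json
import subprocess

ACCEPTED = 1  # assumed status codes: 0 = invited, 1 = accepted, 2 = confirmed


def select_confirmable(members, allowed_domain):
    """Return accepted members whose email host is exactly allowed_domain."""
    domain = allowed_domain.lower()
    picked = []
    for m in members:
        email = (m.get("email") or "").strip().lower()
        local, sep, host = email.rpartition("@")
        # Exact host match only: look-alike suffixes and subdomains are skipped
        # and left for manual confirmation.
        if m.get("status") == ACCEPTED and sep and local and host == domain:
            picked.append(m)
    return picked


def confirm_accepted(org_id, allowed_domain, dry_run=True, run=subprocess.run):
    """List members via the bw CLI and confirm the accepted, in-domain ones.

    Returns the emails selected. With dry_run=True nothing is confirmed.
    Confirming this way skips the manual fingerprint-phrase comparison.
    """
    listing = run(["bw", "list", "org-members", "--organizationid", org_id],
                  capture_output=True, text=True, check=True)
    todo = select_confirmable(json.loads(listing.stdout), allowed_domain)
    for m in todo:
        if not dry_run:
            run(["bw", "confirm", "org-member", m["id"],
                 "--organizationid", org_id], check=True)
    return [m["email"] for m in todo]


# Constructed sample of `bw list org-members` output (not real data).
SAMPLE = [
    {"id": "u1", "email": "alice@example.com", "status": 1},
    {"id": "u2", "email": "bob@example.com", "status": 0},
    {"id": "u3", "email": "carol@example.com", "status": 2},
    {"id": "u4", "email": "mallory@example.com.evil.test", "status": 1},
    {"id": "u5", "email": "Dave@EXAMPLE.com", "status": 1},
]

if __name__ == "__main__":
    for member in select_confirmable(SAMPLE, "example.com"):
        print("would confirm:", member["email"])
```

Dry run is the default so the selected list can be reviewed before any member is confirmed.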

Thanks for this Gina, I will have a read through that GitHub link.

Worth mentioning, as an IT Admin (even one who is security minded and appreciates the inclusion of encryption keys), Admins will tend to just confirm the member confirmations without actually confirming the keys with the end-users, purely out of simplicity and time saving. Not ideal practice, but we just don’t have the time to do it, and connecting with end-users and confirming the information is often more difficult and time-consuming than you’d think.